Hi,

Recently I renewed the SSL certificate (issued by Thawte), and since then I have been facing a problem. The old SSL certificate (also from Thawte) ran for almost two years without any problem. I have two issues -

1. If I start Squid with "-DYNCd3", I enter the pass phrase correctly and HTTPS acceleration works OK, but it aborts after a day or so, giving an error. Please see below -

[root@Squid-Rev logs]# ../../sbin/squid -DYNCd3
2009/01/28 09:23:43| Initializing https proxy context
2009/01/28 09:23:43| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:23:43| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:23:43| Using private key in /usr/local/ssl/mail.domain.com.key
Enter PEM pass phrase:
2009/01/28 09:23:48| Starting Squid Cache version 3.0.PRE5 for i686-pc-linux-gnu ...
2009/01/28 09:23:48| Process ID 2713
2009/01/28 09:23:48| With 1024 file descriptors available
2009/01/28 09:23:48| DNS Socket created at 0.0.0.0, port 1083, FD 4
2009/01/28 09:23:48| Adding domain localdomain from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 196.1.69.98 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 196.1.69.99 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 10.1.1.104 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.78.18 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.198.11 from /etc/resolv.conf
2009/01/28 09:23:48| Adding nameserver 168.187.198.12 from /etc/resolv.conf
2009/01/28 09:23:48| Unlinkd pipe opened on FD 9
2009/01/28 09:23:48| Swap maxSize 102400 KB, estimated 7876 objects
2009/01/28 09:23:48| Target number of buckets: 393
2009/01/28 09:23:48| Using 8192 Store buckets
2009/01/28 09:23:48| Max Mem size: 8192 KB
2009/01/28 09:23:48| Max Swap size: 102400 KB
2009/01/28 09:23:48| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2009/01/28 09:23:48| Using Least Load store dir selection
2009/01/28 09:23:48| Set Current Directory to /usr/local/squid/var/cache
2009/01/28 09:23:48| Loaded Icons.
2009/01/28 09:23:48| Accepting HTTPS connections at 10.1.1.100, port 443, FD 10.
2009/01/28 09:23:48| Accepting ICP messages at 0.0.0.0, port 3130, FD 11.
2009/01/28 09:23:48| WCCP Disabled.
2009/01/28 09:23:48| Configuring Parent mail.domain.com/80/0
2009/01/28 09:23:48| Ready to serve requests.
2009/01/28 09:24:02| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2009/01/28 09:24:02| Finished rebuilding storage from disk.
2009/01/28 09:24:02| 0 Entries scanned
2009/01/28 09:24:02| 0 Invalid entries.
2009/01/28 09:24:02| 0 With invalid flags.
2009/01/28 09:24:02| 0 Objects loaded.
2009/01/28 09:24:02| 0 Objects expired.
2009/01/28 09:24:02| 0 Objects cancelled.
2009/01/28 09:24:02| 0 Duplicate URLs purged.
2009/01/28 09:24:02| 0 Swapfile clashes avoided.
2009/01/28 09:24:02| Took 14.3 seconds ( 0.0 objects/sec).
2009/01/28 09:24:02| Beginning Validation Procedure
2009/01/28 09:24:02| Completed Validation Procedure
2009/01/28 09:24:02| Validated 25 Entries
2009/01/28 09:24:02| store_swap_size = 0
2009/01/28 09:24:02| storeLateRelease: released 0 objects
. . . .
2009/02/01 01:07:09| clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message (1/0)
2009/02/01 02:06:43| clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message (1/0)
2009/02/01 03:04:12| assertion failed: client_side.cc:2479: "conn->in.abortedSize == (size_t)conn->bodySizeLeft()"
Aborted

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

When I start it like this -

[root@Squid-Rev logs]# ../../sbin/squid
Enter PEM pass phrase:
[root@Squid-Rev logs]#

cache.log registers errors. Please see the following -

2009/01/28 09:42:31| Initializing https proxy context
2009/01/28 09:42:31| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:42:31| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:42:31| Using private key in /usr/local/ssl/mail.domain.com.key
2009/01/28 09:42:42| Initializing https proxy context
2009/01/28 09:42:42| Initializing https_port 10.1.1.100:443 SSL context
2009/01/28 09:42:42| Using certificate in /usr/local/ssl/mail.domain.com.crt
2009/01/28 09:42:42| Using private key in /usr/local/ssl/mail.domain.com.key
2009/01/28 09:42:42| Failed to acquire SSL private key '/usr/local/ssl/mail.domain.com.key': error:0906406D:PEM routines:DEF_CALLBACK:problems getting password
2009/01/28 09:42:42| Starting Squid Cache version 3.0.PRE5 for i686-pc-linux-gnu...
2009/01/28 09:42:42| Process ID 2734
2009/01/28 09:42:42| With 1024 file descriptors available
2009/01/28 09:42:42| Performing DNS Tests...
2009/01/28 09:42:42| Successful DNS name lookup tests...
2009/01/28 09:42:42| DNS Socket created at 0.0.0.0, port 1083, FD 6
2009/01/28 09:42:42| Adding domain localdomain from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 196.1.69.98 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 196.1.69.99 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 10.1.1.104 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.78.18 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.198.11 from /etc/resolv.conf
2009/01/28 09:42:42| Adding nameserver 168.187.198.12 from /etc/resolv.conf
2009/01/28 09:42:42| Unlinkd pipe opened on FD 11
2009/01/28 09:42:42| Swap maxSize 102400 KB, estimated 7876 objects
2009/01/28 09:42:42| Target number of buckets: 393
2009/01/28 09:42:42| Using 8192 Store buckets
2009/01/28 09:42:42| Max Mem size: 8192 KB
2009/01/28 09:42:42| Max Swap size: 102400 KB
2009/01/28 09:42:42| Rebuilding storage in /usr/local/squid/var/cache (CLEAN)
2009/01/28 09:42:42| Using Least Load store dir selection
2009/01/28 09:42:42| Set Current Directory to /usr/local/squid/var/cache
2009/01/28 09:42:42| Loaded Icons.
2009/01/28 09:42:42| Can not accept HTTPS connections at 10.1.1.100, port 443
2009/01/28 09:42:42| Accepting HTTPS connections at 10.1.1.100, port 443, FD 12.
2009/01/28 09:42:42| Accepting ICP messages at 0.0.0.0, port 3130, FD 13.
2009/01/28 09:42:42| WCCP Disabled.
2009/01/28 09:42:42| Configuring Parent mail.domain.com/80/0
2009/01/28 09:42:42| Ready to serve requests.
2009/01/28 09:42:48| Done scanning /usr/local/squid/var/cache swaplog (0 entries)
2009/01/28 09:42:48| Finished rebuilding storage from disk.
2009/01/28 09:42:48| 0 Entries scanned
2009/01/28 09:42:48| 0 Invalid entries.
2009/01/28 09:42:48| 0 With invalid flags.
2009/01/28 09:42:48| 0 Objects loaded.
2009/01/28 09:42:48| 0 Objects expired.
2009/01/28 09:42:48| 0 Objects cancelled.
2009/01/28 09:42:48| 0 Duplicate URLs purged.
2009/01/28 09:42:48| 0 Swapfile clashes avoided.
2009/01/28 09:42:48| Took 6.1 seconds ( 0.0 objects/sec).
2009/01/28 09:42:48| Beginning Validation Procedure
2009/01/28 09:42:48| Completed Validation Procedure
2009/01/28 09:42:48| Validated 25 Entries
2009/01/28 09:42:48| store_swap_size = 0
2009/01/28 09:42:49| storeLateRelease: released 0 objects
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:0906A068:PEM routines:PEM_do_header:bad password read
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx

+++++++++++++++++++++++++++++++++++++++++++++++

In this case port 443 opens but OWA does not work. I had no issue with the old SSL certificate, which will expire soon after almost two years, and Squid ran very stably during this time. Please suggest what is wrong with the new SSL certificate. I even tried with a test certificate from Thawte, with the same problem.

Thanks,
Rakesh Kumar
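
A log triage sketch for the cache.log excerpts in this post, added here as an example and not part of the original message: it extracts the OpenSSL error strings from Squid's log lines and separates private-key load failures from TLS handshake alerts and assertion aborts. The category names and function names are this example's own; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Squid cache.log entry: "YYYY/MM/DD HH:MM:SS| message"
ENTRY = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| (.*)$")
# OpenSSL error string: error:<8 hex digits>:<library>:<function>:<reason>
OSSL = re.compile(r"error\s*:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

# Lines copied from the cache.log excerpts in the post.
SAMPLE = [
    "2009/01/28 09:42:42| Failed to acquire SSL private key '/usr/local/ssl/mail.domain.com.key': error:0906406D:PEM routines:DEF_CALLBACK:problems getting password",
    "2009/01/28 09:42:42| Ready to serve requests.",
    "2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:0906A068:PEM routines:PEM_do_header:bad password read",
    "2009/01/28 09:43:17| httpsAccept: Error allocating handle: error:140BA0C3:SSL routines:SSL_new:null ssl ctx",
    "2009/02/01 01:07:09| clientNegotiateSSL: Error negotiating SSL connection on FD 12: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message (1/0)",
    '2009/02/01 03:04:12| assertion failed: client_side.cc:2479: "conn->in.abortedSize == (size_t)conn->bodySizeLeft()"',
]

def classify(message):
    """Return (category, openssl_code); category names are this example's own."""
    if message.startswith("assertion failed:"):
        return "crash", None
    m = OSSL.search(message)
    if m is None:
        return None, None
    code, lib, func, reason = (g.strip() for g in m.groups())
    # PEM-layer errors mean the passphrase-protected key could not be read;
    # "null ssl ctx" follows because no TLS context was ever built.
    if lib.startswith("PEM") or "PrivateKey" in func or reason == "null ssl ctx":
        return "key_load", code
    if "alert" in reason:
        return "handshake", code
    return "other_ssl", code

def triage(lines):
    """Return (timestamp, category, code) for every line worth attention."""
    findings = []
    for line in lines:
        entry = ENTRY.match(line.strip())
        if entry is None:
            continue
        category, code = classify(entry.group(2))
        if category is not None:
            findings.append((entry.group(1), category, code))
    return findings

def summarize(findings):
    return Counter(category for _, category, _ in findings)
```

Any `key_load` finding means the listener never obtained a usable private key, which matches the case described above where port 443 opens but requests fail.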